HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Conference papers

What if Adversarial Samples were Digital Images?

Abstract : Although adversarial sampling is a trendy topic in computer vision , very few works consider the integral constraint: The result of the attack is a digital image whose pixel values are integers. This is not an issue at first sight since applying a rounding after forging an adversarial sample trivially does the job. Yet, this paper shows theoretically and experimentally that this operation has a big impact. The adversarial perturbations are fragile signals whose quantization destroys its ability to delude an image classifier. This paper presents a new quantization mechanism which preserves the adversariality of the perturbation. Its application outcomes to a new look at the lessons learnt in adversarial sampling.
Complete list of metadata

Cited literature [17 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-02553006
Contributor : Patrick Bas Connect in order to contact the contributor
Submitted on : Wednesday, May 13, 2020 - 12:28:05 PM
Last modification on : Friday, April 8, 2022 - 4:08:03 PM

File

main_finalWOcopy.pdf
Files produced by the author(s)

Identifiers

Citation

Benoît Bonnet, Teddy Furon, Patrick Bas. What if Adversarial Samples were Digital Images?. IH&MMSEC 2020 - 8th ACM Workshop on Information Hiding and Multimedia Security, Jun 2020, Denver, France. pp.1-11, ⟨10.1145/3369412.3395062⟩. ⟨hal-02553006v2⟩

Share

Metrics

Record views

214

Files downloads

153